This listing of claims will replace all prior versions and listings of claims in this
application:

Listing of Claims 

1. (Currently amended) A method for transmitting data in an IP network
comprising:

receiving, by an appliance having a central processing unit (CPU), a data
    transmission in the IP network;
extracting a source address, a destination address, and at least one port from a
    header of the data transmission;
looking up the source address and the destination address in an address mask
    table and determining a most granular bit-value mask by finding a longest
    prefix match corresponding to each of the source address and the
    destination address to obtain address result values, the address mask table
    having a plurality of bit-value masks, wherein the plurality of bit-value
    masks have a plurality of granularities;
looking up the at least one port in a port mask table to obtain port result values;
forming a source and destination and port flow key based on the address result
    values and the port result values;
looking up a flow key in a source and destination and port flow table to find a
    corresponding flow entry; and
if the flow entry indicates to deny the data transmission, blocking the data
    transmission, otherwise transmitting the data transmission in the IP
    network with a service profile specified by the flow entry;
if no bit-value mask in the address mask table corresponds to the source
    address or the destination address, no mask is applied to the source
    address or the destination address.

2. (Canceled) 
3. (Canceled)



4. (Previously presented) The method according to claim 3, further comprising: 
if no flow entry corresponds to the formed flow key, a default value is used for 

the flow entry. 

5. (Canceled) 

6. (Canceled) 

7. (Canceled) 

8. (Previously presented) The method according to claim 1, further comprising: 
entering a bit-value mask in the mask table by a service provider. 

9. (Previously presented) The method according to claim 1, wherein the
bit-value mask in the mask table corresponds to a range of a plurality of subscribers
to a service.

10. (Previously presented) The method according to claim 9, wherein the 
plurality of subscribers includes at least one selected from a group consisting of 
network hosts and a sub-network. 

11. (Previously presented) The method according to claim 1, wherein the
bit-value mask corresponds to at least one network application.

12. (Previously presented) The method according to claim 1, wherein the flow 
entry includes transmission information. 

13. (Previously presented) The method according to claim 12, wherein the 
transmission information includes at least one selected from a group consisting of 
application specific qualities and service specific qualities. 






Application No.: 10/673,999 

Amendment dated: My 29, 2009 

Reply to Notice of Allowability of July 8, 2009 

Attorney Docket No.: 0016.0026US1

14. (Previously presented) The method according to claim 13, wherein the 
transmission information includes at least one selected from a group consisting of 
policy, quality of service, and latency. 

15. (Currently amended) A system for transmitting data comprising:
an appliance having a central processing unit (CPU);
a receiving unit configured to receive a data transmission in an IP network;
an extraction unit configured to extract a source address, a destination address,
    and at least one port from a header of the data transmission;
a mask table including a plurality of bit-value masks, wherein the plurality of
    bit-value masks include a plurality of granularities;
a masking unit configured to determine a most granular bit-value mask by
    finding a longest prefix match corresponding to each of the source address
    and the destination address and finding a match for the port and output a
    masked flow key based on the matches;
a flow table indexed with reference to the masked flow key; and
a transmitter configured to transmit the data transmission in an IP network
    according to a flow entry in the flow table corresponding to the masked
    flow key of the data transmission.

16. (Canceled) 

17. (Canceled) 

18. (Canceled) 

19. (Canceled) 

20. (Previously presented) The method according to claim 15, wherein the bit
value mask is configured to allow at least one bit-value mask to be entered by a
service provider.
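
The lookup sequence recited in claims 1 and 4, as an added Python sketch that is not part of the filing: longest-prefix match over an address mask table, a port mask lookup, an exact-match flow table keyed on the result values, and a default entry on a miss. All table contents, result-value names and function names are constructed for illustration; returning the raw port when no port mask matches is an assumption, since the claims do not say.

```python
import ipaddress

# Constructed sample tables (assumptions, not from the filing).
ADDRESS_MASKS = {            # bit-value masks of several granularities
    "10.0.0.0/8": "corp",
    "10.1.0.0/16": "branch",
    "10.1.2.0/24": "voip-lan",
    "203.0.113.0/24": "partner",
}
PORT_MASKS = {(5060, 5061): "sip", (80, 80): "http", (443, 443): "https"}
FLOW_TABLE = {               # (src result, dst result, port result) -> entry
    ("voip-lan", "partner", "sip"): {"action": "permit", "profile": "low-latency"},
    ("corp", "partner", "http"): {"action": "deny"},
}
DEFAULT_ENTRY = {"action": "permit", "profile": "best-effort"}  # claim 4

_NETS = [(ipaddress.ip_network(p), v) for p, v in ADDRESS_MASKS.items()]

def address_result(addr):
    """Most granular (longest-prefix) match; unmasked address if none."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, value) for net, value in _NETS if ip in net]
    if not hits:
        return str(ip)       # claim 1: no mask is applied
    return max(hits, key=lambda h: h[0])[1]

def port_result(port):
    """Port mask lookup; raw port on a miss (assumption)."""
    for (low, high), value in PORT_MASKS.items():
        if low <= port <= high:
            return value
    return port

def flow_key(src, dst, port):
    return (address_result(src), address_result(dst), port_result(port))

def decide(src, dst, port):
    """Return ("block", None) or ("transmit", service_profile)."""
    entry = FLOW_TABLE.get(flow_key(src, dst, port), DEFAULT_ENTRY)
    if entry["action"] == "deny":
        return ("block", None)
    return ("transmit", entry["profile"])

if __name__ == "__main__":
    for pkt in [("10.1.2.7", "203.0.113.9", 5060),
                ("10.9.9.9", "203.0.113.9", 80),
                ("10.1.2.7", "203.0.113.9", 80)]:
        print(pkt, flow_key(*pkt), decide(*pkt))
```

The third packet shows a consequence of keying the flow table on the most granular result value: the deny entry written for "corp" does not cover a host that also matches the narrower "voip-lan" mask, so that host falls through to the default entry.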